Description

FIREWALL SWITCHING SYSTEM FOR COMMUNICATION SYSTEM APPLICATIONS

Background of Invention 

[0001] The present invention relates generally to systems and methods of identifying and preventing passage of undesired content in a communication signal. More particularly, the present invention is related to a system and method of adjusting operating mode of a firewall protection system and the passage of material content therethrough.

[0002] The Internet is a vast collection of resources from around the world. Computers that have access to the Internet can send and receive data to and from millions of computers via various communication networks. Large amounts of data and information are available and easily accessible. In many situations, it is desirable to limit the amount or type of information that a computer can retrieve and receive. For example, in a business, school, or even a personal computer setting environment the retrieval of pornographic or violent material content may be undesirable. In another example, content may be retrieved by a computer from an unknown or unreliable source that may contain spam, such as advertisements or junk mail, or viruses, which can be annoying or negatively affect system performance.

[0003] Various firewalls have been developed to prevent access to or reception of undesirable content. Firewalls were once only considered important for large corporations and network providers. However, with the advent of consumer broadband and the proliferation of automated hacking tools, the use of protective firewall technologies has become important to small businesses and even the average individual user.

[0004] Broadband users tend to maintain connection to the Internet or to the World Wide Web (WWW) for extended and continuous periods of time, as opposed to dial-up users, which tend to be session based. As a result of the continuous connectivity, the broadband user is more susceptible and vulnerable to hackers seeking unauthorized access to the computer of the broadband user. The threat of hackers, as well as the access to undesirable information has led to a large number of commercially available firewall solutions, which can be characterized as software-based or hardware-based. Unfortunately, both the current software-based and the current hardware-based approaches have associated disadvantages.

[0005] Software-based firewalls consist of software programs that monitor and protect network traffic at the central processing unit (CPU) level. Programs, such as BlackICE™, Zone Alarm®, and Norton™ Personal Firewall, have become increasingly popular. The disadvantages with using these programs are that they suffer from all of the normal installation, compatibility, and conflict issues associated and encountered with existing software programs. Also, although the programs are powerful and flexible in usage, they are difficult to configure, maintain, and update by the average user. A typical user installs a software firewall in a base configuration and then never reopens or adjusts any of the settings contained therein. To adjust a software firewall, for example in a Windows® based setting, a user must be familiar with the various software screens or windows and the settings in each window. The act of performing a software adjustment can be complicated and time consuming.

[0006] Hardware-based firewalls refer to software programs that are utilized and contained directly in a computer system modem. This is a significant advantage in that the hardware firewalls are essentially operational from the moment the modem is connected and activated. The hardware firewalls require little to no configuring to operate. The hardware firewalls can also support multiple computers, in a gateway or hub configuration.

[0007] However, hardware firewalls also have associated disadvantages, which include having default settings that preclude the use of peer-to-peer applications, such as multiplayer games. It is difficult for the average user to reconfigure a hardware firewall to accommodate these types of applications. To reconfigure a hardware firewall the user must know the Internet protocol (IP) address of the modem in order to access the modem configuration interface. The user must also know the specific values that need to be altered in the interface to appropriately alter the firewall.

[0008] Thus, there exists a need for an improved firewall system and method that allows for simple, easy, and quick adjustment of firewall settings.



Brief Description of Drawings 

[0009] Figure 1 is a block diagrammatic view of a material content setting adjustment system that utilizes a hardware-based interface mode adjustment switch in accordance with an embodiment of the present invention;

[0010] Figure 2 is a block diagrammatic view of a material content setting adjustment system that utilizes a software-based interface mode adjustment switch in accordance with another embodiment of the present invention;

[0011] Figure 3 is a front view of an interface illustrating a sample implementation of a binary interface mode adjustment switch in accordance with multiple embodiments of the present invention;

[0012] Figure 4 is a front view of an interface illustrating a sample implementation of a multi-stage interface mode adjustment switch in accordance with multiple embodiments of the present invention; and

[0013] Figure 5 is a logic flow diagram illustrating a method of adjusting passage of material content within a communication system in accordance with an embodiment of the present invention.

Detailed Description



[0014] In each of the following figures, the same reference numerals are used to refer to the same components. While the present invention is described with respect to a system and method of adjusting operating mode of a firewall protection system and the passage of material content therethrough, the present invention may be adapted to be used in various communication systems known in the art. The present invention may be applied in applications, such as broadband modem applications, digital subscriber line (DSL) applications, cable applications, satellite communication applications, wireless communication applications, and analog communication applications. Also, the present invention may be applied at customer sites, within remote terminals, at central offices, at call centers, or at various other sites, terminals, or centers known in the art.

[0015] In the following description, various operating parameters and components are described for one constructed embodiment. These specific parameters and components are included as examples and are not meant to be limiting.

[0016] Also, the term "material content related information" may refer to keyword or pattern identification parameters, Internet address identification information, URL site identification parameters, packet headers, or other related information. The material content related information is used to identify undesirable material content or network sites that have or provide undesirable material content, such that passage of such material is prevented to the terminal of concern. For example, the site identifier associated with an Internet site that is known for containing undesirable spam material is considered material content related information.

[0017] Additionally, the term "terminal" may refer to a stand-alone computer or may refer to a computer access terminal that is coupled to a central computing station, such as a mainframe. A terminal may or may not have a central processing unit. A terminal may also refer to a mainframe, a workstation, or other operating system known in the art.

[0018] The present invention provides a system and method for selectively determining passage level of material content within a communication system. A material content setting adjustment system includes a computer and an interface. The interface facilitates communication between the computer and a network. An interface mode adjustment switch has multiple physical operating mode positions. A controller is coupled to the interface mode adjustment switch. The controller selectively determines passage of material content between the computer and the interface in response to position of the interface mode adjustment switch.

[0019] The embodiments of the present invention provide several advantages. One such advantage is the provision of an interface mode adjustment switch that has multiple physical positions, which may be manually adjusted by a system user. The adjustment switch allows a user to easily and quickly adjust a firewall setting or material content passage level. The adjustment switch also provides visual indication of the state of a firewall at any moment in time.

[0020] Another advantage that is provided by multiple embodiments of the present invention is the provision of operating a controller of a material content setting adjustment system in a learning mode. In so doing, the controller is able to monitor the network activity to a computer and adjust the security level or passage of select material in response thereto. This further maintains a high level of security with a minimum level of user interaction.

[0021] Furthermore, the present invention is versatile in that it 
may be applied to various communication applications 
and may provide varying levels of firewall protection. 



[0022] Referring now to Figure 1, a block diagrammatic view of a material content setting adjustment system 10 that utilizes a hardware-based interface mode adjustment switch 12 in accordance with an embodiment of the present invention is shown. The material content system includes an interface 14 that is coupled between multiple user terminals 16 and a network 18. The interface 14 may be directly coupled to the terminals 16, as shown by terminal 20, or may be indirectly coupled to the terminals 16, as shown by terminals 22. The interface 14 is coupled to the terminals 22 via a hub 24. The interface 14 receives material content from the network 18 via a service provider 26. The interface 14 is coupled to the network 18 via a connection 28. The interface 14 includes the adjustment switch 12, which is coupled to a controller 30. The adjustment switch 12 is manually actuated by a user to adjust a current security operating level of the controller 30. The controller 30 contains firewall or material content filtering software that is used to prevent passage of undesirable material between the network 18 and the terminals 16.

[0023] The interface 14 determines whether to allow passage of the material content received from the network 18 to the terminals 16. The interface 14 may be in the form of a router, a modem, a gateway, a high-speed communication interface, or some other interface known in the art. The interface 14 may include the controller 30 and a memory 32. The memory 32 is coupled to the controller 30 and stores the material content related information. The controller 30 uses the material content related information in the determination of whether to allow passage of incoming material.

[0024] The memory 32 may be in the form of RAM or ROM and may be located within the interface 14, as shown, or may be located within the terminals 16, the hub 24, may be a separate stand-alone device, or a combination thereof. The memory 32 contains undesirable material content lists 34. The lists 34 may have keywords, patterns, Internet address identifiers, specific Internet Protocols, Internet Ports, site identifiers, packet identifiers, or other undesirable information related identifiers known in the art. The lists 34 may be stored in various forms, such as in tables, separate lists, trees, or in some other form known in the art.

[0025] The network 18 may be in the form of an Internet, an Intranet, an Extranet, or may be in some other network form known in the art. The network may be used to access the Internet and the World Wide Web (WWW).

[0026] The hub 24 may be in the form of a routing device that 
routes communication signals between the interface 14 
and the terminals 16. The hub 24 may be in the form of a 
central computing or operating station, a mainframe, or 
other routing or central operating station known in the 
art. The hub 24 and the interface 14 may be integrally 
formed as a single unit or may be separate stand-alone 
units, as shown. 

[0027] The service provider 26 may be an Internet service provider, a network service provider, or some other service provider known in the art. In an embodiment of the present invention, the service provider 26 is an Internet service provider and provides access to the Internet.

[0028] The connection 28 is used for communication between the interface 14 and the service provider 26. The connection 28 may be in the form of a wired or wireless connection. The connection 28 may be a high-speed communication connection, a DSL connection, a community antenna television connection, a satellite connection, a wireless connection, a broadband cable connection, an Internet connection, an analog connection, or other communication connection known in the art.



[0029] The adjustment switch 12 is hardware-based and has multiple physical operating mode positions. In one embodiment of the present invention, the adjustment switch 12 is mounted on a housing 36, as best seen in Figures 3 and 4, of the interface 14 and is located proximate one or more of the terminals 16. A user may adjust the security level of the system 10 by actuating the adjustment switch 12. The adjustment switch 12 may be in the form of a toggle switch, a rotary switch, a push button switch, a rocker switch, a slide switch, a keylock switch, some other type of switch known in the art, or a combination thereof. The adjustment switch 12 may be mounted in the interface 14, as shown, in the terminals 16, or in various other housings known in the art.

[0030] The controller 30 may be microprocessor based such as a computer having a central processing unit, memory (RAM and/or ROM), and associated input and output buses. The controller 30 may be an application-specific integrated circuit or may be formed of other logic devices known in the art. The controller 30 may be a portion of a central control unit of the interface 14, as shown, of the terminals 16, of the hub 24, or may be a stand-alone controller. The controller 30 has multiple security level operating modes that correspond with the multiple positions of the adjustment switch 12.

[0031] Referring now to Figure 2, a block diagrammatic view of a material content setting adjustment system 10' that utilizes a software-based interface mode adjustment switch 40 in accordance with another embodiment of the present invention is shown. The adjustment system 10' includes an interface 14' that is coupled between a computer 42 and the service provider 26. The service provider 26 provides access to the network 18 for the computer 42. The computer 42 includes the software-based switch 40.

[0032] The software-based switch 40 is similar to the hardware-based switch 12 in that actuation or selection adjustment of the software-based switch 40 adjusts security level setting of the controller 30. The software-based switch 40 has multiple software-represented positions that are viewable via a monitor 44. Positions of the software-based switch 40 correspond to multiple security level operating modes of the controller 30 and may be continuously viewed on the monitor 44, such as on the software or computer system desktop 46. The software-based switch 40 may have onscreen representations that resemble a toggle switch, a rotary switch, a push button switch, a rocker switch, a slide switch, a keylock switch, some other type of switch known in the art, or a combination thereof. The software-based switch 40 may be accessed through a pull-down or pull-up window or through a designated icon.

[0033] Referring now to Figure 1 and to Figures 3 and 4, front views of interfaces 14" and 14"' are shown illustrating sample implementations of a binary interface mode adjustment switch 50 and of a multi-stage interface mode adjustment switch 52, respectively, in accordance with embodiments of the present invention. Although the switches 50 and 52 are shown in hardware form, they may be in software form and have similar positions or settings. The interfaces 14" and 14"' may have various indicators, such as a power indicator 54, a digital subscriber line indicator 56, an Internet indicator 58, an Ethernet indicator 60, an activity indicator 62, and a firewall or firewall security indicator 64, as well as other indicators known in the art.

[0034] In the embodiment of Figure 3, the binary switch 50 has two positions that correspond to a firewall activated mode and a firewall deactivated mode. The activated mode or blocking mode refers to when the firewall software is active and is being used to prevent passage of undesirable material content between the network 18 and the terminals 16. The deactivated mode or non-blocking mode refers to when the firewall software is inactive and is not being used to prevent passage of undesirable material.

[0035] In the embodiment of Figure 4, the multi-stage switch 52 has three positions that correspond to a firewall activated mode, a learning mode, and a firewall deactivated mode. The activated and deactivated modes for the multi-stage switch 52 are similar to the activated and deactivated modes of the binary switch 50. The learning mode refers to when the controller 30 is "learning" or adjusting content of the undesirable material content lists 34 according to activity between a terminal 16 and a network 18, such as activity between user selected sites and a computer. The learning mode is described in further detail below in the method of Figure 5.

[0036] The power indicator 54 illuminates when the interface 14 receives power. The digital subscriber line indicator 56, the Internet indicator 58, and the Ethernet indicator 60 illuminate, respectively, when communication is being performed via a DSL line (not shown), with the Internet, or via an Ethernet connection (also not shown). The activity indicator 62 illuminates when there is communication activity between the service provider 26 and at least one of the terminals 16. The firewall indicator 64 indicates a current security level of the interface 14. Any number of the above-stated indicators may be utilized. The indicators 54, 56, 58, 60, 62, and 64 may be in various shapes, styles, and forms.

[0037] Although the switches 50 and 52 are shown as having a set number of positions, the switches utilized by the various embodiments of the present invention may have any number of positions, associated operating modes, and corresponding levels of security.

[0038] Referring now to Figure 5, a logic flow diagram illustrating a method of adjusting passage of material content within a communication system in accordance with an embodiment of the present invention is shown. Although the method of Figure 5 is described primarily with respect to the embodiments of Figures 1 and 4, the method may be easily modified for other embodiments of the present invention.

[0039] In step 100, the interface 14 facilitates communication between the terminals 16 and the network 18. The interface 14 allows the terminals 16 to communicate with the network 18 by providing appropriate signal conversions. The interface 14 may convert digital signals to analog signals and vice versa.

[0040] In step 102, a security level or material content passage operating mode is selected by the physical position of the switch 12. The selected security level corresponds with a certain desired level of filtering the material content. The user may adjust the operating mode by adjusting the position of the switch 12. The user may select from any number of operating modes. In the example embodiment of Figure 5, the user may select from a blocking mode (a high security level mode), a learning mode (a medium security level operating mode), or a non-blocking mode (a low security level operating mode), which are further described in the following steps. When the switch 12 is software-based, the user may select, adjust, or actuate the switch via a keyboard, a mouse, a touch screen, or by some other input device known in the art.

[0041] In step 104, the controller 30 operates in the selected mode in response to the position of the switch 12. The controller 30 determines the passage of material content between the network 18 and the terminals 16 in response to the selected mode.



[0042] In step 104A, the controller 30 operates in the non-blocking mode. The controller 30 allows the passage of a majority of information between the terminals 16 and the network 18. The controller 30 may not allow, for example, passage of information that is deemed to be virus related or information that may damage or hinder system operation.

[0043] In step 104B, the controller 30 operates in the learning mode. In the learning mode the firewall software is being utilized in a non-blocking or partially blocking fashion, such that the user is able to receive the material content from selected sites without the filtering thereof. The terminal 16 may receive information from the selected sites that may normally be considered undesirable. For example, the terminals 16 may have access to peer-to-peer applications. The controller 30 may remain in the learning mode indefinitely, until the user selects a different operating mode, or for a predetermined length of time. By incorporation of the learning mode, the user is able to reduce the security level for specific tasks without the user being required to adjust software settings within the interface 14.

[0044] In step 104B1, the controller 30 monitors system activity by the user and between the terminals 16 and the network 18. In step 104B2, the controller 30 adjusts the contents of the undesirable material content lists 34 in response to the monitored activity. The controller 30 adjusts the lists 34 to allow activity from the selected sites or ports in the future when operating in the blocking mode.

[0045] In step 104C, the controller 30 operates in the blocking mode. The controller 30 filters information that corresponds to the material contained in the lists 34. The controller 30 allows passage of the material corresponding to the sites or ports having activity, as determined in step 104B.

[0046] In step 106, which is similar to step 104C, the controller 30 may be returned to the activated or blocking mode by lapse of the predetermined length of time or by actuation of the switch 12. The controller 30 "leaves open" or allows communication with the ports that were used during the learn mode; these ports are now considered desirable.

[0047] The above-described steps are meant to be an illustrative example; the steps may be performed sequentially, simultaneously, synchronously or in a different order depending upon the application.
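
The mode logic of steps 102 through 106 can be modelled as below. This is an added example, not part of the original specification: the class and field names, the (site, port) representation of lists 34, the `virus_related` flag, and the choice to drop virus-related flows in every mode are assumptions.

```python
import time
from dataclasses import dataclass
from enum import Enum


class Mode(Enum):
    NON_BLOCKING = "non-blocking"  # step 104A
    LEARNING = "learning"          # step 104B
    BLOCKING = "blocking"          # step 104C


@dataclass(frozen=True)
class Flow:
    site: str
    port: int
    virus_related: bool = False  # constructed flag standing in for a content scan


class Controller:
    """Toy model of controller 30 and lists 34 (names are assumptions)."""

    def __init__(self, blocked, learn_seconds=None, clock=time.monotonic):
        self.blocked = set(blocked)   # lists 34 as (site, port) pairs
        self.learned = set()          # audit trail of entries learning removed
        self.learn_seconds = learn_seconds
        self.clock = clock
        self.mode = Mode.BLOCKING
        self._learn_started = None

    def set_switch(self, mode):
        """Step 102: the switch position selects the operating mode."""
        self.mode = mode
        self._learn_started = self.clock() if mode is Mode.LEARNING else None

    def _expire_learning(self):
        """Step 106: fall back to blocking once the learning window lapses."""
        if (self.mode is Mode.LEARNING and self.learn_seconds is not None
                and self.clock() - self._learn_started >= self.learn_seconds):
            self.set_switch(Mode.BLOCKING)

    def allow(self, flow):
        """Step 104: decide passage of one flow under the current mode."""
        self._expire_learning()
        if flow.virus_related:
            return False  # assumption: dropped in every mode, never learned
        key = (flow.site, flow.port)
        if self.mode is Mode.NON_BLOCKING:
            return True
        if self.mode is Mode.LEARNING:
            # Steps 104B1/104B2: observed activity is removed from lists 34.
            if key in self.blocked:
                self.blocked.discard(key)
                self.learned.add(key)
            return True
        return key not in self.blocked  # step 104C


def demo():
    now = [0.0]  # constructed clock so the example is deterministic
    ctl = Controller({("game.example", 27015), ("ads.example", 80)},
                     learn_seconds=600, clock=lambda: now[0])
    game = Flow("game.example", 27015)
    ads = Flow("ads.example", 80)
    results = [ctl.allow(game)]           # blocking: game is on the list
    ctl.set_switch(Mode.LEARNING)
    results.append(ctl.allow(game))       # learning: passes and is learned
    now[0] = 601.0                        # learning window lapses
    results.append(ctl.allow(ads))        # back in blocking: still filtered
    results.append(ctl.allow(game))       # learned entry stays open
    return results, ctl.mode, sorted(ctl.learned)


if __name__ == "__main__":
    print(demo())
```

The `learned` set is what a reviewer would inspect after a learning session, since every entry in it stays open once the controller returns to the blocking mode.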

[0048] The present invention provides an efficient and easy system and method for adjusting a firewall security level without the need for manually modifying multiple software settings. The present invention minimizes costs associated with support calls that regard the configuring and reconfiguring of firewalls. The present invention allows a user to self configure a firewall without the need for a high level understanding of interface and firewall operation.

[0049] The above-described system, to one skilled in the art, is capable of being adapted for various purposes and is not limited to control systems or other communication systems. The above-described invention may also be varied without deviating from the spirit and scope of the invention as contemplated by the following claims.



